An advertisement for the sale of a vast database and 5 million pieces of data stolen from Italian websites. This is what was spotted on some forums dedicated to cyber attacks last August and concerning more than 72 Italian newspapers.
Even today, however, the information is still for sale, with a demand ranging between $7,500 and $13,000. Many ransom demands have been received by the various newspapers, as well as direct contact with users, exploited to create tension and pressure.
The stolen information included credentials, personal data, addresses, e-mails, passwords, and device UIDs on more than 72 Italian newspaper websites using the CMS ‘NAVIGAGLOBAL.COM’. The attack was traced back to the cyber gang Alpha Team. In this article, we look at what you can do to limit the damage and secure your data.
High risk for privacy
This type of data leakage poses a significant threat to the privacy of the users involved and could be used for fraud, identity theft or other illegal activities.
The announcement includes database samples revealing the database structure and personal data of users, and technical details about the operating systems used by the servers (Linux Ubuntu), web technologies (JSP, Nginx 1.14.0), and backend databases (MySQL >= 5.6).
Example of leaked data
One of the samples concerns a list of customers with personal data such as name, email, address and other sensitive details, including:
- Customer ID
- First and last name
- Date of birth
- Address and password (in MD5 format).
The affected websites include big names from the Italian publishing scene. Details on the screen:
What to do if your data has been stolen?
If you are among the registered users on one of the affected sites, it is essential to take some immediate steps to protect your personal data:
- Change your password: if you have used the same password on other sites, you should immediately change your credentials on all linked services. It is recommended to create a new, complex and unique password for each account.
- Enable two-factor authentication (2FA): whenever possible, enable two-factor authentication. This additional level of security makes it more difficult to access your accounts even if your password has been compromised.
- Monitor your emails and financial accounts: pay attention to any suspicious emails or unusual activity on your accounts. Such signs could indicate phishing attempts or scams related to leaked data.
- Check if your email address has been compromised: use tools such as Have I Been Pwned to check if your email address has been involved in other data leaks.
- Consider using a password manager: a password manager will allow you to generate and store secure and unique passwords for each account, thus reducing the risk of further breaches.
By taking these measures, you can reduce damage and prevent fraudulent use of your personal information.
Analysis by Vasily Kononov – Threat Intelligence Lead, CYBEROO